<?php

/**
 * MVM_MALL 网上商店系统  公告牌公共处理文件
 * ============================================================================
 * 版权所有 (C) 2007-2010 www.mvmmall.com，并保留所有权利。
 * 网站地址: http://www.mvmmall.com
 * ----------------------------------------------------------------------------
 * 这是一个免费开源的软件；这意味着您可以在不用于商业目的的前提下对程序代码
 * 进行修改、使用和再发布。
 * ============================================================================
 * $Author:  www.mvmmall.com  $
 * $Date: 2008-06-27 $
 * $Id: board_ok.php  www.mvmmall.com$
 * ---------------------------------------------
*/

require_once './include/common.inc.php';
include_once MVMMALL_ROOT.'./include/board_comm.inc.php';
/**数据处理**/
if($ps_mode == 'write' || $ps_mode == 'modify' || $ps_mode == 'reply') {
	!$board_name  && $board_name  = $m_check_name;
	!$board_id    && $board_id    = $m_check_id;
	!$board_email && $board_email = $m_check_email;
	!$board_name  && show_msg('board_name');
	!$board_body  && show_msg('board_body');
	//验证码判断
	if(($mm_board['write_code']==1 && $ps_mode=='write') || ($mm_board['reply_code']==1 && $ps_mode=='reply')){
		require_once 'include/captcha.class.php';
		$Captcha= new  Captcha();
		!$Captcha->CheckCode($code) &&	show_msg('code_wrong');
	}
	/**过滤数据**/
	if($mm_board['use_html']=='1' && $m_check_rank >=$mm_board['class_html']){
		//$board_body = nl2br($board_body);
	}else {
		//$board_body = nl2br(dhtmlchars($board_body));
		$board_body = dhtmlchars(nl2br($board_body));
		$board_body=str_replace(chr(13),'',$board_body);
		$board_body=str_replace(chr(10),'',$board_body);
	}
	$board_name     = dhtmlchars($board_name);
	$board_email    = dhtmlchars($board_email);
	$board_subject  = dhtmlchars($board_subject);
	$board_category = dhtmlchars($board_category);
	$board_category = dhtmlchars($board_category);
	/**end**/

	/**脏话过滤**/
	if($mm_board['use_filter'] == '1') {
		bad_check($mm_board['filter_text'],$board_subject.$board_body) && show_msg('board_advertisement');
		bad_check($mm_board['filter_text'],$board_body)                && show_msg('board_advertisement');
	}
	/**end**/

	/**远程连接**/
	if($mm_board['remote_connect'] == '1') {
		!eregi(getenv('HTTP_HOST'),getenv('HTTP_REFERER')) && show_msg('board_remote_acess');
	}
	/**end**/

	/**时间限制**/
	if($mm_board[use_spam] == '1') {
		if (!isset($_SESSION['mvm_board_send_time'])){
			$_SESSION['mvm_board_send_time'] = 0;
		}
		if (($m_now_time - $_SESSION['mvm_board_send_time']) < 10){
			show_msg('board_auto_acess');
		}else {
			$_SESSION['mvm_board_send_time'] = $m_now_time;
		}
	}
	/**end**/

	/**IP 限制**/
	if($mm_board['ip_select'] == '1') {
		bad_check($mm_board['ip_close'],$m_user_ip)    && show_msg('board_ip_not');
	} elseif($mm_board['ip_select'] == '2') {
		!bad_check($mm_board['ip_connect'],$m_user_ip) && show_msg('board_ip_acess');
	}
	/**end**/

	/**屏蔽用户**/
	if($mm_board['name_close']) {
		bad_check($mm_board['name_close'],$board_id) && show_msg('board_user_acess');
	}
	/**end**/

}

/**发表文章**/
if($ps_mode == 'write' && $action) {

	/**同样的内容检查**/
	$action         = trim(strtr($action, array("\\\\" => "\\\\\\\\", '_' => '\_', '%' => '\%')));
	$board_body     = trim(strtr($board_body, array("\\\\" => "\\\\\\\\", '_' => '\_', '%' => '\%')));
	$board_subject  = trim(strtr($board_subject, array("\\\\" => "\\\\\\\\", '_' => '\_', '%' => '\%')));
	$max_uid = $db->get_one("SELECT MAX(uid) FROM `{$tablepre}bmain` WHERE ps_name = '$action'");
	$max_uid = array_values($max_uid);
	if($max_uid[0] > 3) {
		$temp_max_uid = $max_uid[0] - 3;
		$equal_cono = $db->counter("{$tablepre}bmain","uid <= '$max_uid[0]' and uid >= '$temp_max_uid' and board_body = '$board_body' and board_subject='$board_subject' and ps_name = '$action'");
		$equal_cono >= 1 && show_msg('board_content');
	}
	/**end**/
	if($m_check_rank < $mm_board['class_write']) {
		if(!$m_check_id) {
			show_msg('board_grant_write',GetBaseUrl('logging','login'));
		} else {
			show_msg('board_grant_write');
		}
	}
	/**判断是否置顶处理**/
	if($use_notice == '1') {
		$list = $db->get_one("SELECT MIN(headnum) FROM  `{$tablepre}bmain` WHERE headnum < 1000 and headnum > 1");
		$min_no = array_values($list);
		$min_no[0] ? $temp_headnum = $min_no[0] - 1 : $temp_headnum = 999;
	} else {
		$list = $db->get_one("SELECT MIN(headnum) FROM  `{$tablepre}bmain` WHERE headnum > 1000");
		$min_no = array_values($list);
		$min_no[0] ? $temp_headnum = $min_no[0] - 100 : $temp_headnum = 2000000000;
	}
	/**end**/
	$query = "INSERT INTO `{$tablepre}bmain`  SET
                      ps_name         = '$action',
                      headnum         = '$temp_headnum',
                      board_id        = '$board_id',
                      board_name      = '$board_name',
                      board_email     = '$board_email',
                      board_subject   = '$board_subject',
                      use_html        = '$use_html',
                      use_secret      = '$use_secret',
                      board_category  = '$board_category',
                      register_date   = '$m_now_time',
					  approval_date   = '$approval_date',
                      board_hit       = '0',
                      board_ip        = '$m_user_ip',
                      board_body      = '$board_body'";
	$db->query($query);

	/**更新分类统计信息**/
	$total_count = $db->counter("{$tablepre}bmain","ps_name='$action'");
	$db->query("UPDATE `{$tablepre}badmin_table`  SET board_total_record = '$total_count' WHERE board_name_code = '$action'");
	/**end**/

	/**发表文章邮件通知**/
	if($mm_board['use_admin_remail']==1 && $use_mail==1) {
		$mm_mall_title     = $board_subject;
		$mailer_subject    = $board_subject;
		$mailer_send_email = $board_email;
		$mailer_send_name  = $board_name;
		$mailer_body       = $board_body;
		include_once template('email_send');
		$mail_content      = str_replace(array('<!--<!---->','<!---->','<!--fck-->',"\r",substr(MVMMALL_ROOT,0,-1)),'',ob_get_contents());
		ob_end_clean();
		smtp_mail($mm_client_email,$board_subject,$mail_content,'html');
		unset($mail_content);
	}
	/**end**/
	move_page(GetBaseUrl('board',$action));
	exit;
}

/**编辑文章**/
elseif($ps_mode == 'modify' && $action && is_numeric($id)) {

	/**权限判断**/
	if($m_check_rank < $mm_board['class_modify']) {
		!$m_check_id &&  show_msg('board_grant_modify',GetBaseUrl('logging','login'));
	}
	if ($m_check_id != $article[board_id] && $mm_adminid!=1){
		show_msg('admin_acess');
	}
	/**end**/

	/**判断是否置顶处理**/
	if($use_notice == '1') {
		$list   = $db->get_one("SELECT MIN(headnum) FROM  `{$tablepre}bmain` WHERE headnum < 1000 and headnum > 1");
		$min_no = array_values($list);
		$min_no[0] ? $temp_headnum = $min_no[0] - 1 : $temp_headnum = 999;
	} else {
		$list   = $db->get_one("SELECT MIN(headnum) FROM  `{$tablepre}bmain` WHERE headnum > 1000");
		$min_no = array_values($list);
		$min_no[0] ? $temp_headnum = $min_no[0] - 100 : $temp_headnum = 2000000000;
	}
	/**end**/
	$query = "UPDATE `{$tablepre}bmain` SET
                      board_name      = '$board_name',
                      headnum         = '$temp_headnum',
                      board_email     = '$board_email',
                      board_subject   = '$board_subject',
                      use_html        = '$use_html',
                      use_secret      = '$use_secret',
                      use_mail        = '$use_mail',
                      board_category  = '$board_category',
					  modify_id       = '$m_check_id',
					  modify_ip       = '$m_user_ip',
                      modify_date     = '$m_now_time',
                      approval_date   = '$approval_date',
                      board_body      = '$board_body'
                      WHERE uid ='$id'";
	$db->query($query);

	/**更新分类统计信息**/
	$total_count = $db->counter("{$tablepre}bmain","ps_name='$action'");
	$db->query("UPDATE `{$tablepre}badmin_table`  SET board_total_record = '$total_count' WHERE board_name_code = '$action'");
	/**end**/

	move_page(GetBaseUrl('board',$action));
	exit;
}

/**回复**/
elseif($ps_mode == 'reply' && $action && is_numeric($id)) {

	/**权限判断**/
	if($m_check_rank < $mm_board['class_reply']) {
		if(!$m_check_id) {
			show_msg('board_grant_modify',GetBaseUrl('logging','login'));
		} else {
			show_msg('board_grant_reply');
		}
	}
	/**end**/

	/**同样的内容检查**/
	$max_uid = $db->get_one("SELECT MAX(uid) FROM `{$tablepre}bcomment` WHERE fid = '$id'");
	$max_uid = array_values($max_uid);
	if($max_uid[0] > 3) {
		$temp_max_uid = $max_uid[0] - 3;
		$equal_cono = $db->counter("{$tablepre}bcomment","uid <= '$max_uid[0]' and uid >= '$temp_max_uid' and reply_body = '$board_body' and reply_subject='$board_subject' and fid = '$id'");
		if($equal_cono >= 1){
			show_msg('board_content');
		}
	}
	/**end**/

	$query = "INSERT INTO `{$tablepre}bcomment` SET
                      reply_subject     = '$board_subject',
                      fid               = '$id',
                      user_id           = '$m_check_id',
                      user_name         = '$board_name',
                      reply_body        = '$board_body',
                      reply_ip          = '$m_user_ip',
                      register_date     = '$m_now_time' ";
	$db->query($query);
	/**回复文章邮件通知**/
	if($mm_board['use_white_remail']==1) {
		$mm_mall_title     = $board_subject;
		$mailer_subject    = $board_subject;
		$mailer_send_email = $board_email;
		$mailer_send_name  = $board_name;
		$mailer_body       = $board_body;
		include_once template('email_send');
		$mail_content = str_replace(array('<!--<!---->','<!---->','<!--fck-->',"\r",substr(MVMMALL_ROOT,0,-1)),'',ob_get_contents());
		ob_end_clean();
		smtp_mail($article[board_email],$board_subject,$mail_content,'html');
		unset($mail_content);
	}
	/**end**/

	move_page("article.php?action=$action&id=$id");
	exit;
}

/**回复修改**/
elseif($ps_mode == 'editreply' && $action && is_numeric($id)) {

	/**权限判断**/
	if($m_check_rank < $mm_board['class_reply']) {
		if(!$m_check_id) {
			show_msg('board_grant_modify',GetBaseUrl('logging','login'));
		} else {
			show_msg('board_grant_reply');
		}
	}
	/**end**/
	$query = "UPDATE `{$tablepre}bcomment` SET
                      reply_subject     = '$board_subject',
                      user_id           = '$m_check_id',
                      user_name         = '$board_name',
                      reply_body        = '$board_body',
                      reply_ip          = '$m_user_ip',
                      register_date     = '$m_now_time'
                      WHERE uid='$id'";
	$db->query($query);
	$rs_list= $db->get_one("SELECT fid,uid FROM `{$tablepre}bcomment` WHERE uid=$id");
	move_page("article.php?action=$action&id=$rs_list[fid]");
	exit;
}

/**批量删除主文章**/
elseif($ps_mode == 'board_all_delete' && is_array($uid_check)) {
	/**权限判断**/
	if($m_check_rank < $mm_board['class_delete'] && $mm_adminid!=1) {
		show_msg('board_notice_quanli');
	}
	$uid_check = dhtmlchars($uid_check);
	for($i=0;$i<count($uid_check);$i++) {
		$r_list = $db->get_one("SELECT uid FROM {$tablepre}bmain WHERE uid='$uid_check[$i]'");
		$db->query("DELETE FROM `{$tablepre}bmain` WHERE uid='$uid_check[$i]'");
		$db->query("DELETE FROM `{$tablepre}bcomment` WHERE fid='$uid_check[$i]'");//删除回复
	}
	$total_count = $db->counter("{$tablepre}bmain","");
	$db->query("UPDATE `{$tablepre}badmin_table` SET board_total_record = '$total_count' WHERE board_name_code = '$action'");
	move_page("board.php?action=$action");
	exit;
}

/**删除回复文章**/
elseif($ps_mode == 'reply_delete' && $action && is_numeric($uid) && $id) {
	$obc_list =   $db->get_one("SELECT * FROM {$tablepre}bcomment WHERE user_id='$m_check_id' AND uid = '$uid'");
	/**权限判断**/
	if($m_check_rank < $mm_board['class_delete'] && $mm_adminid!=1) {
		if(!$m_check_id) {
			if($obc_list['user_id']) {
				show_msg('board_grant_delete',GetBaseUrl('logging','login'));
			}
		} else {
			show_msg('board_grant_delete_member');
		}
	}elseif ($m_check_id==$obc_list['user_id'] || $mm_adminid==1) {
		$db->query("DELETE FROM `{$tablepre}bcomment` WHERE uid='$uid'");
	}else {
		show_msg('board_notice_quanli');
	}
	move_page("article.php?action=$action&id=$id");
	exit;
} else {
	show_msg('pass_worng');
}
